g
gawk : Find and Replace text within file(s)
getopts : Parse positional parameters
grep : Search file(s) for lines that match a given pattern
groupadd : Add a user security group
groupdel : Delete a group
groupmod : Modify a group
groups : Print group names a user is in
gzip : Compress or decompress named file(s)

h
hash : Remember the full pathname of a name argument
head : Output the first part of file(s)
help : Display help for a built-in command
history : Command History
hostname : Print or set system name

i
iconv : Convert the character set of a file
id : Print user and group id's
if : Conditionally perform a command
ifconfig : Configure a network interface
ifdown : Stop a network interface
ifup : Bring a network interface up
import : Capture an X server screen and save the image to file

w
wait : Wait for a process to complete
watch : Execute/display a program periodically
wc : Print byte, word, and line counts
whereis : Search the user's $PATH, man pages and source files for a program
which : Search the user's $PATH for a program file
while : Execute commands
who : Print all usernames currently logged in
whoami : Print the current user id and name (`id -un`)
wget : Retrieve web pages or files via HTTP, HTTPS or FTP

Saturday, December 19, 2015

•Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.
•You can prevent SQL injection by adopting an input validation technique in which user input is checked against a set of defined rules for length, type and syntax, and also against business rules, before it is used in a query.
•Ensure that the database account the application uses has the least privileges it needs. Do not use system administrator accounts such as “sa” for web applications. Create a separate database user for each application, so that one application's user cannot access another application's data. Removing all stored procedures that are not in use is another way to reduce exposure to SQL injection.
•Stored procedures are generally safe from injection, but take care: they can still be injectable, for example if they call exec() on a string or concatenate their arguments into dynamic SQL inside the procedure.

•Attackers provide specially crafted input data to the SQL interpreter and trick the interpreter into executing unintended commands.
•Attackers exploit this vulnerability by supplying specially crafted input in such a way that the interpreter cannot distinguish the developer's intended commands from the attacker's data; the interpreter is thereby tricked into executing unintended commands.

•A SQL injection attack exploits security vulnerabilities at the database layer. By exploiting the SQL injection flaw, attackers can create, read, modify or delete sensitive data.
SQL Injections: The Most Prevalent Type of Application Security Vulnerability
With more than 20 percent of all web vulnerabilities being attributed to SQL injection, this is the second most common software vulnerability. Therefore, having the ability to find and prevent SQL injection should be top of mind for web developers and security personnel. In general, a SQL injection attack exploits a web application that does not properly validate or encode user-supplied input and then uses that input as part of a query or command against a back-end database. For example, a typical form may ask for an ID and create a URL: "http://www.somewebsite.com/id/id.asp?id=somedata". An attacker using SQL injection may enter "somedata or 1=1". If the web application does not properly validate or encode the user-supplied data and sends it directly to the database, the reply to the query will expose all IDs in the database, since the condition "1=1" is always true. This is a basic example, but it illustrates the importance of sanitizing user-supplied data before using it in a query or command.
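The following is an added example, not code from the original post, showing the "or 1=1" lookup described above alongside the two defenses the prevention list recommends: a parameterized query with a placeholder marker, and positive input validation of the id against length, type and syntax rules. It uses Python's standard sqlite3 module and an in-memory table with constructed rows standing in for the back-end database; the table name `records`, the column names and the `ID_RULE` pattern are assumptions for illustration. Least-privilege accounts and stored procedures are not shown because SQLite has neither.

```python
import re
import sqlite3


def build_db():
    # Constructed sample data (not from the post): a tiny in-memory table
    # standing in for the application's back-end database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO records VALUES (?, ?, ?)",
        [(1, "alice", "alpha"), (2, "bob", "bravo"), (3, "carol", "charlie")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    # The flaw from the post: the id is concatenated into the statement text,
    # so the interpreter cannot tell the developer's SQL from the user's data.
    # A value such as "1 or 1=1" turns the WHERE clause into a tautology and
    # the query returns every row.
    sql = "SELECT id, owner FROM records WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    # Placeholder substitution: the driver passes the value separately from
    # the statement text, so whatever the user typed is only ever compared
    # against the id column and never parsed as SQL.
    sql = "SELECT id, owner FROM records WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


# Assumed validation rule for this application: an id is 1 to 10 decimal
# digits (length, type and syntax checked together).
ID_RULE = re.compile(r"^[0-9]{1,10}$")


def is_valid_id(raw):
    # Allow-list validation: only values matching the rule are accepted.
    return isinstance(raw, str) and ID_RULE.match(raw) is not None


def validate_id(raw):
    # Reject anything that fails the rule before it reaches the database layer.
    if not is_valid_id(raw):
        raise ValueError("invalid id: %r" % (raw,))
    return int(raw)


def lookup_defended(conn, raw_id):
    # Both defenses together: validate the input, then bind it as a parameter.
    return lookup_parameterized(conn, validate_id(raw_id))


if __name__ == "__main__":
    conn = build_db()
    payload = "1 or 1=1"  # the crafted value from the post's example
    print("vulnerable   :", lookup_vulnerable(conn, payload))
    print("parameterized:", lookup_parameterized(conn, payload))
    try:
        lookup_defended(conn, payload)
    except ValueError as exc:
        print("validation   :", exc)
```

Running the block prints three rows for the concatenated query, an empty result for the parameterized one (the string "1 or 1=1" is compared as a value against the integer column and matches nothing), and a rejection from the validator. In a real application the parameterized path is the one that must always be used; validation is an additional layer, not a substitute for it.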